This Week in Technology

Researchers develop new technique to identify malware in embedded systems

At issue are so-called micro-architectural attacks. This form of malware makes use of a system’s architectural design, effectively hijacking the hardware in a way that gives outside users control of the system and access to its data.Spectre and Meltdown are high-profile examples of micro-architectural malware.

Chrome on Android: Phishing attackers can now trick you with fake address bar

Normally, when the user scrolls up, Chrome will redisplay the true URL bar. But we can trick Chrome so that it never redisplays the true URL bar. Once Chrome hides the URL bar, we move the entire page content into a 'scroll jail' – that is, a new element with overflow:scroll. Then the user thinks they're scrolling up in the page, but in fact they're only scrolling up in the scroll jail.

Hackers Breached a Programming Tool Used By Big Tech and Stole Private Keys and Tokens

Docker, a company that makes software tools for programmers and developers, said on Friday that hackers had accessed one of its Docker Hub databases and could have stolen sensitive data from around 190,000 accounts.

“By plugging the device into a home network, [users] are enabling hackers to bypass the security (such as a router’s firewall) designed to protect their system. If apps on the box or that are later downloaded have malware, the user has helped the hacker past network security,” wrote Digital Citizens Alliance (DCA) in a recently released report.

Cybersecurity: The key lessons of the Triton malware cyberattack you need to learn

Threats can be countered by implementing some relatively simple cybersecurity techniques that make movement between systems almost impossible. Network segregation can help you stop a malware attack from happening. You should be separating network components logically, but also based on criticality and by following industry best practice and industry standards.

Wi-Fi 6 will provide a huge boost in total network capacity and reliability and should improve speed, performance, and capacity for wireless networking in both homes and enterprises. Cisco noted that the internet of things (IoT) means we’ll have billions more devices connected to the internet, and the networking infrastructure is going to have to keep pace with that.

Exobot’s main functionality is to steal sensitive information from banking apps and financial services. Once Exobot infects a device, it uses “overlay attacks” to steal banking information. In an overlay attack, the attacker places an invisible window on top of the user interface of the targeted app and intercepts whatever the user types or taps.

The cybercriminals stole data from Germany-based CITYCOMP, which provides servers, storage and other computer equipment to other enterprise-level organizations and subsequently blackmailed the firm and threatened to publish the stolen information if the demands weren’t met.

STEALTHbits Technologies, Inc announced the release of the STEALTHbits Access Library, a new portal for users to download free connectors designed to audit data access rights across a variety of popular cloud and on-premises data repositories.

Six Tips That You Should Use Before Creating Your Next Password: Gary Davis, McAfee

Years ago, consumers did not store nearly as much personal data on the internet. However, today, our most sensitive details live behind online password protection – from our financials, to our official documentation, personal photos and more. This means consumer behavior around passwords must evolve, in order to prevent cybercriminals from accessing vital information.

Why credit card data stealing point-of-sale malware is still such a big problem

Old hardware, vulnerabilities in unsupported operating systems and malware files that are so small they're virtually undetectable mean that point-of-sale (POS) malware is thriving as a key method for cyber criminals looking to steal credit card data and other personal information.

This password-stealing malware just evolved a new tactic to remain hidden

Now Qakbot has been updated with a new persistence mechanism which makes it harder for victims to detect and remove the malware. The new obfuscation technique has been detailed by cybersecurity researchers at Cisco Talos.

The Evergreen Storage Service (ES2) for backup data has a flash-to-flash-to-cloud architecture that provides storage as a service for block, file, object and backup data. With the unified subscription model, customers can move all or any portion of their pay-per-use block storage capacity between environments without adjusting their contract.